From 08fe04c241ca49bd63e7ef6ca39a951718d190e3 Mon Sep 17 00:00:00 2001 From: Tobias Reich Date: Fri, 16 May 2014 22:47:45 +0200 Subject: [PATCH 1/5] Added Import:move from Import:server and disabled moveToTemp by default (#151) --- php/modules/Import.php | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/php/modules/Import.php b/php/modules/Import.php index 7584156..8851635 100644 --- a/php/modules/Import.php +++ b/php/modules/Import.php @@ -58,11 +58,7 @@ class Import extends Module { } - static function server($albumID = 0, $path) { - - global $database, $plugins, $settings; - - if (!isset($path)) $path = LYCHEE_UPLOADS_IMPORT; + static function move($database, $path) { # Determine OS type and set move cmd (Windows untested!) $myos = substr(PHP_OS,0,3); @@ -75,7 +71,7 @@ class Import extends Module { $tmpdirname = md5(time() . rand()); # Make temporary directory - if (@mkdir(LYCHEE_DATA . $tmpdirname)===false) { + if (@mkdir(LYCHEE_DATA . $tmpdirname)===false) { Log::error($database, __METHOD__, __LINE__, 'Failed to create temporary directory'); return false; } @@ -107,11 +103,26 @@ class Import extends Module { return false; } + # Set new path + $path = LYCHEE_DATA . $tmpdirname; + + return $path; + + } + + static function server($albumID = 0, $path, $useTemp = false) { + + global $database, $plugins, $settings; + + if (!isset($path)) $path = LYCHEE_UPLOADS_IMPORT; + + if ($useTemp===true) $path = Import::move($database, $path); + $error = false; $contains['photos'] = false; $contains['albums'] = false; - $path = LYCHEE_DATA . $tmpdirname; + # Get all files $files = glob($path . '/*'); foreach ($files as $file) { @@ -149,7 +160,7 @@ class Import extends Module { continue; } - Import::server($newAlbumID, $file . '/'); + Import::server($newAlbumID, $file . '/', false); $contains['albums'] = true; @@ -158,7 +169,7 @@ class Import extends Module { } # Delete tmpdir if import was successful - if ($error===false) rmdir(LYCHEE_DATA . $tmpdirname); + if ($error===false&&$useTemp===true&&isset($tmpdirname)) rmdir(LYCHEE_DATA . $tmpdirname); if ($contains['photos']===false&&$contains['albums']===false) return 'Warning: Folder empty or no readable files to process!'; if ($contains['photos']===false&&$contains['albums']===true) return 'Notice: Import only contains albums!'; From 0dc54c44e0a6607b74e17727b13eef11ad456bd8 Mon Sep 17 00:00:00 2001 From: Tobias Reich Date: Fri, 16 May 2014 23:22:20 +0200 Subject: [PATCH 2/5] Added logging for folder deletion --- php/modules/Import.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/php/modules/Import.php b/php/modules/Import.php index 8851635..0b9fe2a 100644 --- a/php/modules/Import.php +++ b/php/modules/Import.php @@ -169,7 +169,9 @@ class Import extends Module { } # Delete tmpdir if import was successful - if ($error===false&&$useTemp===true&&isset($tmpdirname)) rmdir(LYCHEE_DATA . $tmpdirname); + if ($error===false&&$useTemp===true&&file_exists(LYCHEE_DATA . $tmpdirname)) { + if (@rmdir(LYCHEE_DATA . $tmpdirname)===false) Log::error($database, __METHOD__, __LINE__, 'Could not delete temp-folder (' . LYCHEE_DATA . $tmpdirname . ') after successful import'); + } if ($contains['photos']===false&&$contains['albums']===false) return 'Warning: Folder empty or no readable files to process!'; if ($contains['photos']===false&&$contains['albums']===true) return 'Notice: Import only contains albums!'; From 5689278908971a38903b60e2e1552852988296cd Mon Sep 17 00:00:00 2001 From: Tobias Reich Date: Fri, 16 May 2014 23:22:41 +0200 Subject: [PATCH 3/5] Added logging for subfolders --- php/modules/Import.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/php/modules/Import.php b/php/modules/Import.php index 0b9fe2a..4d28226 100644 --- a/php/modules/Import.php +++ b/php/modules/Import.php @@ -160,7 +160,11 @@ class Import extends Module { continue; } - Import::server($newAlbumID, $file . '/', false); + if (Import::server($newAlbumID, $file . '/', false)==='Warning: Folder empty or no readable files to process!') { + $error = true; + Log::error($database, __METHOD__, __LINE__, 'Could not import folder. Function returned error'); + continue; + } $contains['albums'] = true; From edca6c088a5d44ccfd63fc15a43d9fe7821f5ea5 Mon Sep 17 00:00:00 2001 From: Tobias Reich Date: Fri, 16 May 2014 23:23:49 +0200 Subject: [PATCH 4/5] Added function to check permissions --- php/modules/misc.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/php/modules/misc.php b/php/modules/misc.php index 8da053e..6daf8f1 100755 --- a/php/modules/misc.php +++ b/php/modules/misc.php @@ -108,6 +108,13 @@ function get_hashed_password($password) { } +function hasPermissions($path, $permissions = '0777') { + + if (substr(sprintf('%o', @fileperms($path)), -4)!=$permissions) return false; + else return true; + +} + function fastimagecopyresampled(&$dst_image, $src_image, $dst_x, $dst_y, $src_x, $src_y, $dst_w, $dst_h, $src_w, $src_h, $quality = 4) { ### From 9db3d31cc0746228c87b0ebb07b47d73d60393ce Mon Sep 17 00:00:00 2001 From: Tobias Reich Date: Fri, 16 May 2014 23:24:11 +0200 Subject: [PATCH 5/5] Added permission check to upload --- php/modules/Photo.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/php/modules/Photo.php b/php/modules/Photo.php index dda485b..d274106 100755 --- a/php/modules/Photo.php +++ b/php/modules/Photo.php @@ -43,6 +43,12 @@ class Photo extends Module { # Check dependencies $this->dependencies(isset($this->database)); + # Check permissions + if (hasPermissions(LYCHEE_UPLOADS_BIG)===false||hasPermissions(LYCHEE_UPLOADS_THUMB)===false) { + Log::error($this->database, __METHOD__, __LINE__, 'Wrong permissions in uploads/'); + exit('Error: Wrong permissions in uploads-folder!'); + } + # Call plugins $this->plugins(__METHOD__, 0, func_get_args());